- Home
- News & insights
- Insights
- The NIS2 Directive:…
- On this page
18 February 2026
Publication series – 2 of 77 Insights
The NIS2 Directive: Challenges Renewable Energy Companies
- Briefing
Introduction to NIS2
With the recent entry into force of the NIS2 Directive, the European Union has taken a decisive step toward harmonizing and strengthening cybersecurity requirements within its member states. The Directive notably replaces and expands upon its predecessor, tightening regulations and broadening the range of entities subject to cybersecurity obligations. In Germany, these requirements have been implemented with the new BSIG (Act on the Federal Office for Information Security and on the Strengthening of the Security of Information Technology Systems), which came into effect in December 2025.
General Requirements and Scope
NIS2’s central objective is to raise the level of digital resilience across critical sectors by obliging defined entities to implement robust technical and organizational measures for managing cyber risks. The framework distinguishes between “essential” and “important” entities on the basis of sectoral relevance and company size. In the energy sector, this includes not only large producers and grid operators but also a much broader range of market participants than before, e.g. in the areas of power supply, district heating supply and gas supply.
Key requirements include:
- Proactive risk management: Entities must identify, assess, and address cybersecurity risks across their entire value chain.
- Comprehensive reporting obligations: Significant security incidents must be reported promptly within strict deadlines (early warning within 24 hours, notification within 72 hours, and a final report within one month).
- Executive accountability: Management personnel are personally responsible for ensuring compliance, including ongoing oversight and regular cybersecurity training
- Potential for severe sanctions: Non-compliance may result in substantial administrative fines, calculated as a portion of worldwide turnover.
Sectoral Considerations
Renewable energy companies were already subject to mandatory IT security measures, particularly under the German Energy Industry Act (EnWG), which obliged operators of energy supply networks and energy installations to implement IT security measures. However, these obligations for energy installation operators only applied if the renewable energy company operates installations that qualify as critical infrastructure and reach certain supply-relevant thresholds.
Now, renewable energy companies are subject to NIS2 requirements (deriving both from BSIG and EnWG) if they either operate critical infrastructure or have at least 50 employees or achieve an annual turnover of at least EUR 10 million and perform an activity regulated in Annexes 1 and 2 of the BSIG, such as - inter alia -:
- Electricity suppliers
- Operators of electricity distribution networks
- Operators of transmission networks
- Operators of generation plants
- Aggregators
- Operators of energy storage facilities
- Charge point operators
- Operators in the field of hydrogen production, storage, and transmission
While NIS2 generally provides a uniform framework, practical application in the energy sector clearly raises specific considerations. The sector is characterized by complex operational models, such as the outsourcing of operations or management functions, which can make it challenging to clearly determine the responsible legal entity for compliance purposes.
Additionally, energy companies remain subject to further national energy regulations. In Germany, for example, an “IT Security Catalogue” (which is currently being revised) prepared by the telecommunication and network regulator stipulates binding requirements for information security obligations, including mandatory ISO27k certifications.
Conclusion
The NIS2 Directive fundamentally reshapes the cybersecurity landscape for the energy sector, imposing more extensive and standardized duties while shifting accountability directly to organizational leadership. The main challenges now lie in the practical implementation of these requirements – especially regarding risk assessment, organizational liability, and compliance management – within the increasingly complex structures characteristic of modern energy markets. An overview of the most important NIS2 requirements for the energy sector can be found here.
In this series
The NIS2 Directive: Challenges Renewable Energy Companies
18 February 2026
EU specifies certification of permanent CO₂ removals
11 February 2026
by Dr. Janina Pochhammer, Dr. Niels L. Lange, LL.M. (Stellenbosch)
Electricity Tax Amendment 2025/2026: New rules for BESS, charging infrastructure and renewable energies
14 January 2026
Battery storage systems in outdoor areas - current classification in accordance with § 35 BauGB
19 December 2025
HR compliance in the energy sector – customs authorities step up the fight against sham-employment
15 December 2025
The Current Challenges for Offshore Wind Energy in Germany
2 December 2025
by Multiple authors
Offshore wind in Germany: from market premiums to Contracts for Difference?
28 November 2025
by Multiple authors
Energy Sharing under Section 42 of the German Energy Industry Act (EnWG)
26 November 2025
Bundestag Decides on the Privileging of Battery Storage Facilities in Outdoor Areas under § 35 (1) BauGB
12 November 2025
Industrial electricity price: Initial assessment and opportunities for companies
21 November 2025
by Dr. Markus Böhme, LL.M. (Nottingham), Johannes Schaadt-Wambach, LL.M. (Prag)
FIDIC – An introduction to the FIDIC Suite 2017
22 October 2025
by Multiple authors
The Renewable Energy Expansion Acceleration Act – a boost for the energy transition in Austria?
23 September 2025
Federal Network Agency discussion paper on reforming grid fees for industry and commerce
25 September 2025
by Multiple authors
German-Dutch Treaty on Cross-Border Energy Projects
18 September 2025
by Multiple authors
Energy communities in Austria and the new Electricity Industry Act (ElWG)
15 September 2025
New amendment to the Energy Industry Act (EnWG) introduced in July and August 2025
8 September 2025
Clean Industrial Deal State Aid Framework (CISAF) – a new state aid framework for the green transformation of industry
8 September 2025
by Dr. Michael Brüggemann, Johannes Schaadt-Wambach, LL.M. (Prag)
Industrial electricity prices: initial assessment and opportunities for businesses
18 August 2025
by Johannes Schaadt-Wambach, LL.M. (Prag), Dr. Markus Böhme, LL.M. (Nottingham)
Regulatory Framework for Transmission System Operators in Germany
18 August 2025
by Multiple authors
Court ruling on the effectiveness of availability guarantees for wind turbines
31 July 2025
New Legal Framework for the Commercial Use of Carbon Capture and Storage (CCS) and Carbon Capture and Utilisation (CCU)
11 July 2025
by Multiple authors
Are offshore wind converter platforms a bottleneck in the energy transition? New German government wants to create production capacities at German shipyards
17 June 2025
by Multiple authors
Speeding up the energy transition - the new German government’s plans for gas and steam power plants and its quest for the right technology for renewable energy
8 May 2025
by Multiple authors
Update - Change of government opens the door to carbon capture and storage and carbon capture and utilisation
17 April 2025
by Multiple authors
The special fund for infrastructure and climate protection - what is next?
10 April 2025
by Multiple authors
Changes to CBAM through Omnibus legislative package
10 April 2025
The role of heat probes in the energy transition: Authorisation procedures and potential
26 March 2025
CJEU judgement on customer installations in accordance with Section 3 No. 24a Law on the Energy Industry EnWG
26 March 2025
by Dr. Markus Böhme, LL.M. (Nottingham), Dr. Christian Ertel
Will the new German government open the door for carbon capture and storage?
26 February 2025
by Multiple authors
Waste heat from data centres - new reporting obligations under the EnEfG
6 February 2025
by Multiple authors
Oman and Belgium Sign Landmark MoU on Green Hydrogen Cooperation
11 December 2024
Decision day: Grid fee exemption in customer systems and energy price brake put to the test
28 November 2024
by Dr. Christian Ertel, Dr. Markus Böhme, LL.M. (Nottingham)
Hydrogen core network - The Federal Network Agency’s strategy for the energy transition
11 November 2024
by Multiple authors
Amendment to the Energy Industry Act: changes for energy supply companies and grid and system operators
18 September 2024
by Dr. Christian Ertel, Dr. Markus Böhme, LL.M. (Nottingham)
Standard Essential Patents: A new challenge for the IoT and smart meter world
10 September 2024
Land acquisition and data protection: The importance of the GDPR when project developers request owner data
18 July 2024
by Dr. Patrick Vincent Zurheide, LL.M. (Aberdeen), Dr. Julia Wulff
Municipalities to share profit in wind turbines and ground-mounted photovoltaic systems
11 July 2024
by Multiple authors
Solar Package I - Overview of Changes to Ground-Mounted and Building-Mounted PV Systems
27 May 2024
Mandatory special charge for open space photovoltaic systems in Brandenburg
21 February 2024
by Multiple authors
A new era for wind energy investments in Hungary
Power Play: Renewable Energy Update
26 January 2024
Updating the National Hydrogen Strategy
6 November 2023
by Dr. Niels L. Lange, LL.M. (Stellenbosch), Dr. Janina Pochhammer
The new CO2 border adjustment mechanism (Carbon Border Adjustment Mechanism - “CBAM”) - first statutory reporting obligations set for January 2024
Power Play: Renewable Energy Update
3 November 2023
New IT security requirements for the energy sector
Power Play: Renewable Energy Update
1 September 2023
by Dr. Paul Voigt, Lic. en Derecho, CIPP/E, Alexander Schmalenberger, LL.B.
Does monument protection hinder the expansion of renewable energies?
Power Play: Renewable Energy Update
16 August 2023
The amending law to strengthen digitisation in the urban land use planning process and the further expansion of renewable energies
Power Play: Renewable Energy Update
6 July 2023
Challenges for data center operators - The federal government’s draft bill for an energy efficiency act
Power Play: Renewable Energy Update
12 April 2023
by Multiple authors
The Energy Charter Treaty in the Light of the Electricity Price Brake: An opportunity for investors to litigate?
27 January 2023
Ordinance for Determining Critical Infrastructures (KritisV): Renewable energy plants as critical infrastructure and requirements for IT protection
Power Play: Renewable Energy Update
12 July 2022
by Dr. Paul Voigt, Lic. en Derecho, CIPP/E, Dr. Markus Böhme, LL.M. (Nottingham)
Liquefied Natural Gas Projects in Germany: The LNG Acceleration Act
Q&A series: Energy & Infrastructure
10 June 2022
Participation of local municipalities in the context of wind and photovoltaic projects
Power Play: Renewable Energy Update
5 May 2022
Renewable Energy Wrap-Up – France
Power Play: Renewable Energy Update
27 April 2022
Renewable Energy Wrap-Up - United Kingdom
Power Play: Renewable Energy Update
15 March 2022
Building energy performance: the revised Energy Performance of Buildings Directive
Power Play: Renewable Energy Update
14 February 2022
Fit for 55 – Hydrogen and the Reform of the European Gas Market
Power Play: Renewable Energy Update
11 January 2022
Renewable Energy Wrap-Up – Netherlands
Power Play: Renewable Energy Update
2 December 2021
Renewable Energy Wrap-Up – Poland
Power Play: Renewable Energy Update
21 September 2021
by Olav Nemling
Renewable Energy Wrap-Up – Austria
Power Play: Renewable Energy Update
18 August 2021
Renewable Energy Wrap-Up - Germany
Power Play: Renewable Energy Update
12 July 2021
Floating Foundations for Offshore Wind Farms
Power Play: Renewable Energy Update
8 June 2021
Species protection exemption: Significance for wind energy
Power Play: Renewable Energy Update
25 May 2021
Power-to-Hydrogen
Power Play: Renewable Energy Update
6 April 2021
Focus PV – Floating Solar and Agrivoltaics
Power Play: Renewable Energy Update
23 March 2021
